[8635] in cryptography@c2.net mail archive

Re: secure hash modes for rijndael

daemon@ATHENA.MIT.EDU (John Kelsey)
Tue Apr 3 20:32:14 2001

Message-Id: <4.1.20010402220608.00a00d50@pop.ix.netcom.com>
Date: Mon, 02 Apr 2001 22:08:45 -0400
To: "Steven M. Bellovin" <smb@research.att.com>,
	Pete Chown <Pete.Chown@skygate.co.uk>
From: John Kelsey <kelsey.j@ix.netcom.com>
Cc: cryptography@wasabisystems.com
In-Reply-To: <20010402211145.600A335C42@berkshire.research.att.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

At 05:11 PM 4/2/01 -0400, Steven M. Bellovin wrote:

...
>I asked some NIST folks that question.  Their answer was that they 
>didn't have the resources to run two large, public efforts 
>simultaneously.  Hash functions induce much less public paranoia than 
>do encryption algorithms; few people think that NSA wants to forge 
>hashes.

The really weird part is, finding collisions in hash functions lets you do
much more interesting attacks than just reading someone's mail, but those
are attacks that you'd do to frame someone or steal money from them, not to
gather intelligence.  By default, I guess NSA is more-or-less trusted with
the ability to steal lots of money, but not with the ability to eavesdrop
on everyone....

>		--Steve Bellovin, http://www.research.att.com/~smb

--John



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
